oss-sec mailing list archives

Re: CVE request: awstats


From: Josh Bressers <bressers () redhat com>
Date: Mon, 23 Nov 2009 14:30:27 -0500 (EST)

----- "Craig" <craig () haquarter de> wrote:

I think there isn't a CVE for these issues - which were fixed in 6.95 - yet
(quote from
http://awstats.sourceforge.net/docs/awstats_changelog.txt):

- Fix security in awredir.pl script by adding a security key required by
  default.
- Enhance security of parameter sanitizing function


I'm adding AWStats upstream to this reply. Can someone elaborate on those
fixes? Are they security flaws, or just proactive security measures?

If they're flaws that need CVE ids, I presume upstream will add them to their
security page:
http://awstats.sourceforge.net/awstats_security_news.php

Thanks.

-- 
    JB

